Firewall — CSF & Basic
Firewall — CSF & Basic
Role: admin.
CSF status — GET /api/v1/csf/status
Response 200 (verified live, abridged):
{ "data": {
"alerts": { "email": "", "enabled": true, "running": true,
"failures": 0, "unnotified": 34, "smtp_configured": false,
"webhook": false, "emails_sent": 0, "webhooks_sent": 0 },
"alerts_24h": 1, "blacklist_count": 0,
"blocklist": { "blocklists": [
{ "name": "spamhaus_drop", "enabled": true,
"entry_count": 1611, "last_error": "",
"last_updated": "2026-05-11T17:15:03+07:00" } ] } } }
Blacklist / whitelist
GET /api/v1/csf/blacklist → { "data": [], "success": true }
(verified live). Same for /csf/whitelist.
POST /api/v1/csf/blacklist Request:
{ "ip": "192.168.1.100", "comment": "bruteforce", "ttl": 86400 }
ttl: 0 = permanent. Response 400 (verified live — empty body):
{ "success": false, "code": "VALIDATION_ERROR",
"error": "IP address is required",
"message": "IP address is required", "status": 400 }
DELETE /csf/blacklist/:ip · /csf/whitelist/:ip.
GET /csf/check-ip?ip=1.2.3.4.
Config / ports / subsystems
GET | PUT /csf/config; POST /csf/reload · /csf/apply (no body).
Ports: GET /csf/ports/; POST /csf/ports/
{ "port": 8080, "protocol": "tcp", "direction": "in" };
DELETE /csf/ports/:port. GET status: /csf/lfd/{status,failures},
/csf/conntrack/{status,connections}, /csf/blocklists/,
/csf/{portflood,synflood,bogon,geoip,portscan}/status,
/csf/alerts · /csf/alerts-service/status.
Basic firewall — /api/v1/firewall
GET /firewall/rules · /firewall/status; POST /firewall/rules
{ "chain": "INPUT", "protocol": "tcp", "port": 80, "action": "ACCEPT" }; POST /firewall/toggle
{ "enabled": true }; DELETE /firewall/rules/:id.
Conventions → Authentication, Error Handling.